Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

NAT - UDP not being translated?

Got a strange situation with udp not being translated with "ip nat enable".

Config:

interface FastEthernet0/0.22

description NAT INT for VRF TEST

encapsulation dot1Q 22

ip vrf forwarding TEST10

ip address 10.0.15.1 255.255.255.0

ip nat enable

no snmp trap link-status

!

ip nat pool NAT xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx netmask 255.255.255.248 add-route

ip nat source list 2 pool NAT vrf TEST10 overload

access-list 2 permit 10.0.5.0 0.0.0.255

access-list 2 permit 10.0.10.0 0.0.0.255

access-list 2 permit 10.0.16.0 0.0.0.255

Device with 10.0.16.2 can successfully ping/telnet to Internet Addresses, but cannot perform udp (TFTP/DNS etc)

Example:

Successful ping from 10.0.16.2 -> DNS server (203.149.65.1) tcpdump:

10:31:55.000374 IP (tos 0x0, ttl 124, id 2309, offset 0, flags [none], length: 60) routable_nat_address > isp1.datafx.com.au: icmp 40: echo request seq 34049

10:31:55.000381 IP (tos 0x0, ttl 64, id 2423, offset 0, flags [none], length: 60) isp1.datafx.com.au > routable_nat_address: icmp 40: echo reply seq 34049

Then, unsuccessful tftp tcpdump:

11:25:10.877357 IP (tos 0x0, ttl 124, id 2592, offset 0, flags [none], length: 44) 10.0.16.2.4120 > 203.149.67.254.tftp: [udp sum ok] 16 RRQ "test" netascii

11:25:10.880978 IP (tos 0x0, ttl 64, id 21600, offset 0, flags [DF], length: 47) 203.149.67.254.32775 > 10.0.16.2.4120: [bad udp cksum 49db!] UDP, length: 19

11:25:11.871403 IP (tos 0x0, ttl 124, id 2593, offset 0, flags [none], length: 44) 10.0.16.2.4120 > 203.149.67.254.tftp: [udp sum ok] 16 RRQ "test" netascii

11:25:11.871716 IP (tos 0x0, ttl 64, id 21699, offset 0, flags [DF], length: 47) 203.149.67.254.32775 > 10.0.16.2.4120: [bad udp cksum 49db!] UDP, length: 19

As you can see - For some reason 10.0.16.2 is not being translated for the udp request?

Any suggestions greatly appreciated.

  • Other Network Infrastructure Subjects
1 REPLY
Silver

Re: NAT - UDP not being translated?

You might be running into a bug here. Check this Bug-Id:CSCsd14449

245
Views
0
Helpful
1
Replies
This widget could not be displayed.